US7441122B2 - Method for providing secure access to a digital resource - Google Patents

Method for providing secure access to a digital resource Download PDF

Info

Publication number
US7441122B2
US7441122B2 US10/854,589 US85458904A US7441122B2 US 7441122 B2 US7441122 B2 US 7441122B2 US 85458904 A US85458904 A US 85458904A US 7441122 B2 US7441122 B2 US 7441122B2
Authority
US
United States
Prior art keywords
motifs
tables
digital
motif
authentication code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US10/854,589
Other versions
US20040243855A1 (en
Inventor
Sylvain Plagne
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bouygues Telecom SA
Original Assignee
Bouygues Telecom SA
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Family has litigation
First worldwide family litigation filed litigation Critical https://patents.darts-ip.com/?family=8869880&utm_source=google_patent&utm_medium=platform_link&utm_campaign=public_patent_search&patent=US7441122(B2) "Global patent litigation dataset” by Darts-ip is licensed under a Creative Commons Attribution 4.0 International License.
Application filed by Bouygues Telecom SA filed Critical Bouygues Telecom SA
Assigned to BOUYGUES TELECOM, A CORP. FRANCE reassignment BOUYGUES TELECOM, A CORP. FRANCE ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: PLAGNE, SYLVAIN
Publication of US20040243855A1 publication Critical patent/US20040243855A1/en
Assigned to BOUYGUES TELECOM, A CORPORATION OF FRANCE reassignment BOUYGUES TELECOM, A CORPORATION OF FRANCE CORRECTION OF ASSIGNEE'S ADDRESS PREVIOUSLY RECORDED ON AUGUST 2, 2004 AT REEL 015633/0360 Assignors: PLAGNE, SYLVAIN
Application granted granted Critical
Publication of US7441122B2 publication Critical patent/US7441122B2/en
Assigned to BOUYGUES TELECOM reassignment BOUYGUES TELECOM CONFIRMATORY ASSIGNMENT Assignors: PLAGNE, SYLVAIN
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/82Protecting input, output or interconnection devices
    • G06F21/83Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof

Definitions

  • This invention pertains to the field of computer-related security by the input of a personal information unit that is secret for the referenced user and comparison with the content of a secret memory for the authorization of access to a service or a functionality.
  • the password is usually constituted of a sequence of alphanumeric characters. Such passwords are difficult to remember especially when the password is an arbitrary sequence of alphanumeric characters. The user frequently selects the same password for different equipment (access code for a portable computer, cell phone code, etc.) to resolve this problem. This multiplies the risks that a malicious third party can intercept the password. It also occurs frequently that the password is selected from among sequences that are easy to remember (1234, ABCD, 0000 or a date of birth or other sequence that would be easy to guess) which considerably reduces the security of such authentication methods.
  • EP 1022922 which describes an authentication method comprising a registration step during which the subscriber selects and records a password in the form of a sequence of characters and authentication steps during which the user inputs a password and transmits it to the server for comparison and validation.
  • WO 113243 discloses a user identification method that enables identification of a user who is a subscriber to a service on a computer network. This method consists notably of requesting that the user submit a unique graphic to the service provider via the intermediary of the information page, the graphic comprising integrated data pertaining to a second password and comparing a first submitted password with the extracted second password to determine whether the predefined relationship exists between the passwords. The user is granted the status of identified subscribing user if the predefined relationship exists and is then provided with access to the service.
  • the methods based on alphanumeric passwords are also easy to break by using robots generating permutations of alphanumeric characters.
  • An authentication method was proposed in EP 0677801 based on the designation of graphic zones of a predetermined image in a predetermined order. That method comprises means for displaying a predetermined image, means for storing a predetermined number of positions in the predetermined image and means for enabling a user to designate positions in the displayed image.
  • This invention relates to a method for providing secure access to a digital resource including a learning step including selecting a secret digital authentication code and registering the code in an electronic memory, and an authentication step including inputting a digital information unit and comparing the information unit input with the digital authentication code recorded in the electronic memory, the authentication step emitting an approval signal when the comparison is positive, wherein the learning step includes displaying at least one table including a multiplicity of motifs arranged according to a matrix correlated with an input device including a predetermined number of command zones and selecting a graphic code by activating at least one command zone associated with a selected motif, and recording the identifier of the selected motif in an electronic memory to form a digital authentication code, and wherein the authentication step includes displaying at least the table of motifs and transmitting to a calculator the identifier(s) of the motifs designated by a user by activating the command zone associated with the motif, the calculator emitting a function conformity signal between the digital authentication code and the digital information unit transmitted to the calculator.
  • This invention also relates to a method for providing secure access to a digital resource including selecting a secret digital authentication code and registering the code in an electronic memory by displaying at least one table including a multiplicity of motifs arranged according to a matrix correlated with an input device including a predetermined number of command zones and selecting a graphic code by activating at least one command zone associated with a selected motif, and recording the identifier of the selected motif, and inputting a digital information unit and comparing the information unit input with the digital authentication code recorded in the electronic memory, emitting an approval signal when the comparison is positive by displaying at least the table of motifs and transmitting to a calculator the identifier(s) of the motifs designated by a user by activating the command zone associated with the motif, the calculator emitting a function conformity signal between the digital authentication code and the digital information unit transmitted to the calculator.
  • FIG. 1 represents a schematic view of a system for the implementation of the invention.
  • the invention in its most general sense pertains to a method for providing secure access to a digital resource comprising a learning step that includes selecting a secret digital authentication code and registering it in an electronic memory, and an authentication step including inputting a digital information unit and comparing the information unit input with the digital authentication code recorded in the electronic memory, the authentication step emitting an approval signal when the comparison is positive, wherein the learning step comprises an operation of displaying at least one table comprising a multiplicity of motifs arranged according to a matrix correlated with a designation means (such as a keyboard or a touch-sensitive display, for example) comprising a predetermined number of command zones (such as a key or a zone of a touch-sensitive display, for example) and an operation of selecting a graphic code including activating at least one command zone associated with a selected motif, and recording the identifier of the selected motif in an electronic memory to form a digital authentication code, and wherein the authentication step includes displaying at least the table of motifs and transmitting to a calculator the identifier(s) of the
  • the authentication code is constituted of a sequence of motif identifiers, the motifs being organized in the form of a matrix correlated with the distribution of the keys of a keyboard.
  • Each table preferably comprises 3 ⁇ L motifs associated with 3L identifiers, L being comprised between 1 and 5, and preferably equal to 3 or 4.
  • This mode of implementation is particularly suitable for the designation of the motif by the action on the key of a keyboard designed for keying in a telephone number. This approach provides an alternative to the use of a touch-sensitive display.
  • the method comprises a personalization step comprising a step of displaying N tables originating from a library of M tables, each table being subdivided into P motifs, each table being associated with an identifier T i and each motif being associated with an identifier M Ti,j , a step of recording at least one identifier M Ti,j selected by activation of a key associated with the corresponding motif, and a step of recording an authentication code comprising the identifiers of the selected tables and motifs, the authentication step comprising a step of displaying at least a part P of said N tables, of recording an information unit corresponding to the key associated with a motif of each table activated by the user, and of comparing the information with the authentication code recorded during the personalization step.
  • P is preferably smaller than N.
  • the order of display of the P tables is random.
  • the arrangement of the M Ti,j motifs of a table T i is preferably random.
  • the method comprises a step of recording in the memory of a client equipment unit a library of digital tables.
  • it comprises a step of downloading from a memory of a server comprising a library of M tables of a subset of N digital tables into the memory of a client equipment unit.
  • it comprises a step of secure transmission of the identifiers M Ti,j of the motifs designated by the user on a client equipment unit to a server, the recording processing of the authentication code and comparison being performed on the server.
  • the invention also pertains to a system comprising at least one individual equipment unit and an authentication server for conditional access to a digital server wherein the authentication server comprises a memory for recording a library of digital tables formed by a multiplicity of motifs and a secure memory to record the authentication codes of the authorized users, the individual equipment units comprising a memory to record a library of digital tables, the system comprising exchange means of the identifiers of the motifs for the personalization steps of the authentication code and verification of authorization of a user.
  • Such a system is intended for the implementation of the above-described method from an authentication server exploited by a multiplicity of client equipment units, e.g., cell phones.
  • the invention also pertains to an individual equipment unit for conditional access to a digital service, comprising a memory for recording a library of digital tables formed by a multiplicity of motifs and a secure memory for recording the authentication codes of the authorized users, as well as a memory for recording a library of digital tables, the system comprising exchange means of identifiers of the motifs for the personalization step of the authentication code and verification of the authorization of a user.
  • Such a system is intended for the local implementation of the above-described method from client equipment units, e.g., cell phones, a microcomputer, a personal digital assistant (PDA) or the like.
  • client equipment units e.g., cell phones, a microcomputer, a personal digital assistant (PDA) or the like.
  • PDA personal digital assistant
  • FIG. 1 the description below pertains to the remote mode of use of the method.
  • the method comprises an introductory learning step and a normal use step.
  • the introductory step enables the user to select a certain number of tables of motifs.
  • the authentication server ( 1 ) transmits to an equipment unit ( 2 ), e.g., a cell phone, a first file in the form of digital data (in the data block of the control packet in accordance with the standard GSM 03.48 if the invention exploits the possibilities of the SIM card.
  • an equipment unit ( 2 ) e.g., a cell phone
  • This file corresponds to the graphical elements enabling display on the screen ( 3 ) of a table extracted from a multiplicity of tables originating from a library recorded in a memory ( 4 ) of the server.
  • This table is subdivided into 9 graphical elements ( 5 ) forming pictograms or symbolic designs (the symbols used on highway signs, chemical symbols, signs of the zodiac or the like).
  • the user can accept or reject a displayed tabled by activating a control by hitting a key on a telephone, e.g., the validation key normally used for scrolling the menu or a telephone function key.
  • a key on a telephone e.g., the validation key normally used for scrolling the menu or a telephone function key.
  • the server transmits a new file corresponding to a new table originating from the library of tables.
  • the table In the case of acceptance, it records the identifier of the table in a memory ( 6 ) comprising a table associated with each of the referenced users. Moreover, the file is recorded in a local memory ( 7 ) to enable during subsequent exchanges between the server ( 1 ) and the equipment ( 2 ), the transmission solely of the table identifier and not the complete graphical file.
  • the user specifies which of the motifs to be selected in the future upon request for authentication. For example, if each table is constituted by 9 motifs, the user specifies which of the 9 motifs are stored in memory. This information is transmitted to the server in the form of the identifier of the selected motif and recorded in the above-mentioned table.
  • the registration procedure comprises, for example, recording of 4 identifiers of motifs originating from 4 different tables.
  • the identification server thus has available for each referenced user the information units necessary to verify an access code and possibly to generate an authorization signal for the activation of an associated service.
  • the implemented learning procedure describes the equipment to be made secure.
  • this learning step can be performed on an Internet site, by telephone, by mail (the user indicates the selected tables and responses, and an operator is responsible for inputting the results) or the like.
  • the preferred motifs and tables selected by the user are recorded in a computer-based server referred to as the “authentication server.”
  • the user Upon subsequent attempts at remote connection, the user will see displayed on the screen of the terminal all or part of the selected tables. For each of these tables, the user must press on the key of the terminal corresponding to the response that were given during the learning phase. If the terminal has a touch-sensitive display, the user can select the motif directly rather than pressing on a key.
  • the responses are sent to the authentication server. If the responses correspond to the responses recorded during the learning phase, the user is authenticated. In the contrary case, authentication will be denied (according to particular modes of implementation, a certain number of attempts can be authorized).
  • the infrastructure used can be schematized as follows:
  • the presentation of the tables can be random as can be the order of the motifs in a table.
  • the transmission of a random order of the tables is controlled by the server, by the transmission of table identifiers selected during the personalization phase in any order whatsoever.
  • the position of the motifs in a table can be random, the selection of a motif triggering the transmission of the corresponding identifier irrespective of its position in the table.
  • the invention can also be implemented locally.
  • the tables are recorded solely in a local memory and the comparison between the motifs selected and the motifs recorded during the personalization step is also implemented locally.

Abstract

A method for providing secure access to a digital resource including a learning step including selecting a secret digital authentication code and registering the code in an electronic memory; and an authentication step including inputting a digital information unit and comparing the information unit input with the digital authentication code recorded in the electronic memory, the authentication step emitting an approval signal when the comparison is positive, wherein the learning step includes displaying at least one table including a multiplicity of motifs arranged according to a matrix correlated with an input device including a predetermined number of command zones and selecting a graphic code by activating at least one command zone associated with a selected motif, and recording the identifier of the selected motif in an electronic memory to form a digital authentication code, and wherein the authentication step includes displaying at least the table of motifs and transmitting to a calculator the identifier(s) of the motifs designated by a user by activating the command zone associated with the motif, the calculator emitting a function conformity signal between the digital authentication code and the digital information unit transmitted to the calculator.

Description

RELATED APPLICATION
This is a continuation of International Application No. PCT/FR02/04094, with an international filing date of Nov. 28, 2002 (WO 03/046730, published Jun. 5, 2003), which is based on French Patent Application No. 01/15386, filed Nov. 28, 2001.
FIELD OF THE INVENTION
This invention pertains to the field of computer-related security by the input of a personal information unit that is secret for the referenced user and comparison with the content of a secret memory for the authorization of access to a service or a functionality.
BACKGROUND
The use of passwords to control access to resources such as computers, databases, telecommunication equipment or access control systems is well known. Prior to being given access to a requested resource, the user inputs a valid password normally known only by the user and recorded in a memory of the system thus ensuring the control of the identity between the input password and the recorded password.
The password is usually constituted of a sequence of alphanumeric characters. Such passwords are difficult to remember especially when the password is an arbitrary sequence of alphanumeric characters. The user frequently selects the same password for different equipment (access code for a portable computer, cell phone code, etc.) to resolve this problem. This multiplies the risks that a malicious third party can intercept the password. It also occurs frequently that the password is selected from among sequences that are easy to remember (1234, ABCD, 0000 or a date of birth or other sequence that would be easy to guess) which considerably reduces the security of such authentication methods.
One example of a system is EP 1022922 which describes an authentication method comprising a registration step during which the subscriber selects and records a password in the form of a sequence of characters and authentication steps during which the user inputs a password and transmits it to the server for comparison and validation.
Also known is WO 113243 which discloses a user identification method that enables identification of a user who is a subscriber to a service on a computer network. This method consists notably of requesting that the user submit a unique graphic to the service provider via the intermediary of the information page, the graphic comprising integrated data pertaining to a second password and comparing a first submitted password with the extracted second password to determine whether the predefined relationship exists between the passwords. The user is granted the status of identified subscribing user if the predefined relationship exists and is then provided with access to the service.
The methods based on alphanumeric passwords are also easy to break by using robots generating permutations of alphanumeric characters.
Another drawback of these solutions is based on the fact that the repeated input of the password causes wear of the input keys which makes it easy to detect the password.
An authentication method was proposed in EP 0677801 based on the designation of graphic zones of a predetermined image in a predetermined order. That method comprises means for displaying a predetermined image, means for storing a predetermined number of positions in the predetermined image and means for enabling a user to designate positions in the displayed image.
That solution is not satisfactory either because it uses a pointing device, and involves manipulation of graphic objects requiring adequate memories and noteworthy expenses for transmitting the graphical objects in the case in which they are recorded on a server.
It would therefore be advantageous to resolve these drawbacks by providing a method providing secure access to a resource, especially to a computer-related or telecommunication resource, conciliating a high degree of security and a more convenient use.
SUMMARY OF THE INVENTION
This invention relates to a method for providing secure access to a digital resource including a learning step including selecting a secret digital authentication code and registering the code in an electronic memory, and an authentication step including inputting a digital information unit and comparing the information unit input with the digital authentication code recorded in the electronic memory, the authentication step emitting an approval signal when the comparison is positive, wherein the learning step includes displaying at least one table including a multiplicity of motifs arranged according to a matrix correlated with an input device including a predetermined number of command zones and selecting a graphic code by activating at least one command zone associated with a selected motif, and recording the identifier of the selected motif in an electronic memory to form a digital authentication code, and wherein the authentication step includes displaying at least the table of motifs and transmitting to a calculator the identifier(s) of the motifs designated by a user by activating the command zone associated with the motif, the calculator emitting a function conformity signal between the digital authentication code and the digital information unit transmitted to the calculator.
This invention also relates to a method for providing secure access to a digital resource including selecting a secret digital authentication code and registering the code in an electronic memory by displaying at least one table including a multiplicity of motifs arranged according to a matrix correlated with an input device including a predetermined number of command zones and selecting a graphic code by activating at least one command zone associated with a selected motif, and recording the identifier of the selected motif, and inputting a digital information unit and comparing the information unit input with the digital authentication code recorded in the electronic memory, emitting an approval signal when the comparison is positive by displaying at least the table of motifs and transmitting to a calculator the identifier(s) of the motifs designated by a user by activating the command zone associated with the motif, the calculator emitting a function conformity signal between the digital authentication code and the digital information unit transmitted to the calculator.
BRIEF DESCRIPTION OF THE DRAWING
Better comprehension of the invention will be obtained from the description below of a nonlimitative example of implementation with reference to the attached drawing in which:
FIG. 1 represents a schematic view of a system for the implementation of the invention.
 DETAILED DESCRIPTION
The invention in its most general sense pertains to a method for providing secure access to a digital resource comprising a learning step that includes selecting a secret digital authentication code and registering it in an electronic memory, and an authentication step including inputting a digital information unit and comparing the information unit input with the digital authentication code recorded in the electronic memory, the authentication step emitting an approval signal when the comparison is positive, wherein the learning step comprises an operation of displaying at least one table comprising a multiplicity of motifs arranged according to a matrix correlated with a designation means (such as a keyboard or a touch-sensitive display, for example) comprising a predetermined number of command zones (such as a key or a zone of a touch-sensitive display, for example) and an operation of selecting a graphic code including activating at least one command zone associated with a selected motif, and recording the identifier of the selected motif in an electronic memory to form a digital authentication code, and wherein the authentication step includes displaying at least the table of motifs and transmitting to a calculator the identifier(s) of the motifs designated by the user by activation of the command zone associated with the motif, the calculator emitting a function conformity signal between the digital authentication code and the digital information unit transmitted to the calculator.
According to an advantageous mode of implementation, the authentication code is constituted of a sequence of motif identifiers, the motifs being organized in the form of a matrix correlated with the distribution of the keys of a keyboard. This mode of implementation enables implementation on equipment such as cell phones, the screens of which have a relatively weak definition.
Each table preferably comprises 3×L motifs associated with 3L identifiers, L being comprised between 1 and 5, and preferably equal to 3 or 4. This mode of implementation is particularly suitable for the designation of the motif by the action on the key of a keyboard designed for keying in a telephone number. This approach provides an alternative to the use of a touch-sensitive display.
According to one embodiment of implementation, the method comprises a personalization step comprising a step of displaying N tables originating from a library of M tables, each table being subdivided into P motifs, each table being associated with an identifier Ti and each motif being associated with an identifier MTi,j, a step of recording at least one identifier MTi,j selected by activation of a key associated with the corresponding motif, and a step of recording an authentication code comprising the identifiers of the selected tables and motifs, the authentication step comprising a step of displaying at least a part P of said N tables, of recording an information unit corresponding to the key associated with a motif of each table activated by the user, and of comparing the information with the authentication code recorded during the personalization step.
P is preferably smaller than N.
According to a preferred embodiment, the order of display of the P tables is random.
The arrangement of the MTi,j motifs of a table Ti is preferably random.
According to a preferred mode of implementation, the method comprises a step of recording in the memory of a client equipment unit a library of digital tables.
According to another preferred embodiment, it comprises a step of downloading from a memory of a server comprising a library of M tables of a subset of N digital tables into the memory of a client equipment unit.
According to yet another embodiment, it comprises a step of secure transmission of the identifiers MTi,j of the motifs designated by the user on a client equipment unit to a server, the recording processing of the authentication code and comparison being performed on the server.
The invention also pertains to a system comprising at least one individual equipment unit and an authentication server for conditional access to a digital server wherein the authentication server comprises a memory for recording a library of digital tables formed by a multiplicity of motifs and a secure memory to record the authentication codes of the authorized users, the individual equipment units comprising a memory to record a library of digital tables, the system comprising exchange means of the identifiers of the motifs for the personalization steps of the authentication code and verification of authorization of a user.
Such a system is intended for the implementation of the above-described method from an authentication server exploited by a multiplicity of client equipment units, e.g., cell phones.
The invention also pertains to an individual equipment unit for conditional access to a digital service, comprising a memory for recording a library of digital tables formed by a multiplicity of motifs and a secure memory for recording the authentication codes of the authorized users, as well as a memory for recording a library of digital tables, the system comprising exchange means of identifiers of the motifs for the personalization step of the authentication code and verification of the authorization of a user.
Such a system is intended for the local implementation of the above-described method from client equipment units, e.g., cell phones, a microcomputer, a personal digital assistant (PDA) or the like.
Turning now to FIG. 1, the description below pertains to the remote mode of use of the method.
According to a particular mode of implementation, the method comprises an introductory learning step and a normal use step. The introductory step enables the user to select a certain number of tables of motifs.
The authentication server (1) transmits to an equipment unit (2), e.g., a cell phone, a first file in the form of digital data (in the data block of the control packet in accordance with the standard GSM 03.48 if the invention exploits the possibilities of the SIM card. In the case in which the SIM card is not used, reference will be made to the appropriate standards such as GSM DATA CSD and GPRS). This file corresponds to the graphical elements enabling display on the screen (3) of a table extracted from a multiplicity of tables originating from a library recorded in a memory (4) of the server. This table is subdivided into 9 graphical elements (5) forming pictograms or symbolic designs (the symbols used on highway signs, chemical symbols, signs of the zodiac or the like).
The user can accept or reject a displayed tabled by activating a control by hitting a key on a telephone, e.g., the validation key normally used for scrolling the menu or a telephone function key.
In the case of rejection, the server transmits a new file corresponding to a new table originating from the library of tables.
In the case of acceptance, it records the identifier of the table in a memory (6) comprising a table associated with each of the referenced users. Moreover, the file is recorded in a local memory (7) to enable during subsequent exchanges between the server (1) and the equipment (2), the transmission solely of the table identifier and not the complete graphical file.
For each of the tables selected, the user specifies which of the motifs to be selected in the future upon request for authentication. For example, if each table is constituted by 9 motifs, the user specifies which of the 9 motifs are stored in memory. This information is transmitted to the server in the form of the identifier of the selected motif and recorded in the above-mentioned table.
The registration procedure comprises, for example, recording of 4 identifiers of motifs originating from 4 different tables. The identification server thus has available for each referenced user the information units necessary to verify an access code and possibly to generate an authorization signal for the activation of an associated service. In the example described, the implemented learning procedure describes the equipment to be made secure.
According to particular modes of implementation, this learning step can be performed on an Internet site, by telephone, by mail (the user indicates the selected tables and responses, and an operator is responsible for inputting the results) or the like. At the end of this learning personalization step, the preferred motifs and tables selected by the user are recorded in a computer-based server referred to as the “authentication server.”
Upon subsequent attempts at remote connection, the user will see displayed on the screen of the terminal all or part of the selected tables. For each of these tables, the user must press on the key of the terminal corresponding to the response that were given during the learning phase. If the terminal has a touch-sensitive display, the user can select the motif directly rather than pressing on a key.
At the end of this phase, the responses are sent to the authentication server. If the responses correspond to the responses recorded during the learning phase, the user is authenticated. In the contrary case, authentication will be denied (according to particular modes of implementation, a certain number of attempts can be authorized).
The two steps can be summarized by the following algorithms:
Learning and Personalization Step
    • 1. Select n tables from among m tables
    • 2. For each table 1 selected, request from the user the preferred motif response [i]
    • 3. Record the list of selected tables and responses
      Authentication Step
    • 1. Authentication server randomly selects p tables from among the n tables selected by the user, this also in a random order
    • 2. For each table request from the user the preferred motif response [i]
    • 3. Compare the responses given with the previously recorded responses
    • 4. Display the authentication result
The infrastructure used can be schematized as follows:
    • Different protocols can be used for authenticating the user, but a particular mode of implementation includes of using the WAP protocol.
    • The WAP protocol, the standards for which were set by the WAPFORUM, enables the display of images on the screen of a mobile terminal and the submission of requests to the user. The responses to these requests constitute the combination of the keys pressed by the user.
    • Other protocols can be used as a function of the capacities of the terminal employed: http protocols, SMS messages, EMS or MMS and the like.
During the authentication procedure, the presentation of the tables can be random as can be the order of the motifs in a table. The transmission of a random order of the tables is controlled by the server, by the transmission of table identifiers selected during the personalization phase in any order whatsoever.
The position of the motifs in a table can be random, the selection of a motif triggering the transmission of the corresponding identifier irrespective of its position in the table.
The invention can also be implemented locally. In this case, the tables are recorded solely in a local memory and the comparison between the motifs selected and the motifs recorded during the personalization step is also implemented locally.

Claims (22)

1. A method for providing secure access to a digital resource comprising:
a learning step and an authentication step, wherein
the learning step comprises:
displaying at least one table provided from a library of digital tables of a server, said at least one table comprising a multiplicity of motifs, each motif being associated with only one table, the multiplicity of motifs arranged according to a matrix correlated with an input device comprising a predetermined number of command zones,
selecting a graphic code by activating at least one command zone associated with a selected motif,
recording an identifier of the selected motif in an electronic memory to form a secret digital authentication code and registering the code in an electronic memory of the server, and
recording the library of digital tables in the memory of a client equipment unit;
the authentication step comprises:
displaying at least the table of motifs;
inputting a digital information unit by activating by a user the command zone associated with the motif,
transmitting to a calculator the identifier(s) of the motifs designated by a user,
comparing the digital information unit input with the secret digital authentication code recorded in the electronic memory,
emitting by the calculator a function conformity signal between the secret digital authentication code and the digital information unit transmitted to the calculator.
2. The method according to claim 1, wherein the authentication code comprises a sequence of motif identifiers, the motifs organized in the form of a matrix correlated with a distribution of keys of a keyboard.
3. The method according to claim 2, wherein each table comprises 3×L motifs associated with 3L identifiers, L being between 1 and 5.
4. The method according to claim 2, wherein each table comprises 3×L motifs associated with 3L identifiers, L being equal to 3 or 4.
5. The method according to claim 1, further comprising:
a personalization step comprising a step of displaying N tables obtained from a library of M tables, each table being subdivided into P motifs, each table being associated with an identifier Ti and each motif being associated with an identifier MTi,j;
a step of recording at least one identifier MTi,j selected by activating a key associated with a corresponding motif; and
a step of recording an authentication code comprising identifiers of the selected tables and motifs,
wherein the authentication step comprises a step of displaying at least a part P of said N tables, recording an information unit corresponding to the key associated with a motif of each table activated by the user, and comparing the information with the authentication code recorded during the personalization step.
6. The method according to claim 5, wherein P is smaller than N.
7. The method according to claim 5, wherein the order of display of part P tables is random.
8. The method according to claim 5, wherein arrangement of the MTi,j motifs of a table Ti is random.
9. The method according to claim 8, further comprising a step of downloading from a memory of a server comprising a library of M tables of a subset of N digital tables into the memory of a client equipment unit.
10. The method according to claim 9, further comprising a step of secure transmission of the identifiers MTi,j of the motifs designated by the user on a client equipment unit to a server, the recording processing of the authentication code and comparison being performed on the server.
11. The method according to claim 1, wherein the client equipment unit includes a cell phone, a microcomputer, and a personal digital assistant (PDA).
12. A method for providing secure access to a digital resource comprising:
selecting a secret digital authentication code, which comprises:
displaying at least one table providing from a library of digital tables of a server, said at least one table comprising a multiplicity of motifs, each motif being associated with only one table, the multiplicity of motifs arranged according to a matrix correlated with an input device comprising a predetermined number of command zones,
selecting a graphic code by activating at least one command zone associated with a selected motif to form a secret digital authentication code,
recording the identifier of the selected motif,
registering the code in an electronic memory, and
recording the library of digital tables in the memory of a client equipment unit,
and the method further comprising a step of inputting a digital information unit and comparing the information unit input with the digital authentication code recorded in the electronic memory, and emitting an approval signal when the comparison is positive by displaying at least the table of motifs and transmitting to a calculator the identifier(s) of the motifs designated by a user by activating the command zone associated with the motif, the calculator emitting a function conformity signal between the digital authentication code and the digital information unit transmitted to the calculator.
13. The method according to claim 12, wherein the authentication code is constituted of a sequence of motif identifiers, the motifs organized in the form of a matrix correlated with a distribution of keys of a keyboard.
14. The method according to claim 13, wherein each table comprises 3×L motifs associated with 3L identifiers, L being between 1 and 5.
15. The method according to claim 13, wherein each table comprises 3×L motifs associated with 3L identifiers, L being equal to 3 or 4.
16. The method according to claim 12, further comprising:
displaying N tables obtained from a library of M tables, each table being subdivided into P motifs, each table being associated with an identifier Ti and each motif being associated with an identifier MTi,j; recording at least one identifier MTi,j selected by activation of a key associated with the corresponding motif; and recording an authentication code comprising identifiers of the selected tables and motifs, wherein authentication comprises displaying at least a part P of the N tables, recording an information unit corresponding to the key associated with a motif of each table activated by the user, and comparing the information with the authentication code recorded.
17. The method according to claim 16, wherein P is smaller than N.
18. The method according to claim 16, wherein the order of display of the part P tables is random.
19. The method according to claim 16, wherein arrangement of the MTi,j motifs of a table Ti is random.
20. The method according to claim 19, further comprising downloading from a memory of a server comprising a library of M tables of a subset of N digital tables into the memory of a client equipment unit.
21. The method according to claim 20, further comprising securely transmitting the identifiers Mti,j of the motifs designated by the user on a client equipment unit to a server, the recording processing of the authentication code and comparison being performed on the server.
22. A method for providing secure access to a digital resource comprising:
a learning step comprising:
displaying a plurality of tables each comprising a set of motifs, wherein each motif is associated with only one table, the motifs arranged according to a matrix correlated with an input device comprising a predetermined number of command zones;
selecting tables from the plurality of tables displayed;
selecting motifs from within the selected tables by activating at least one command zone associated with the motif; and
recording the selected tables and selected motifs in an electronic memory, the selected tables and selected motifs forming a digital authentication code; and
an authentication step comprising:
displaying at least one of the selected tables;
selecting the selected motifs from within the selected tables by activating at least one command zone associated with the motif;
comparing the selected motifs with the digital authentication code recorded during the learning step; and
emitting an approval signal when the comparison is positive.
US10/854,589 2001-11-28 2004-05-26 Method for providing secure access to a digital resource Expired - Fee Related US7441122B2 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
FR0115386A FR2832825B1 (en) 2001-11-28 2001-11-28 METHOD FOR SECURING ACCESS TO A DIGITAL RESOURCE
FRFR01/15386 2001-11-28
PCT/FR2002/004094 WO2003046730A2 (en) 2001-11-28 2002-11-28 Method for making secure access to a digital resource

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2002/004094 Continuation WO2003046730A2 (en) 2001-11-28 2002-11-28 Method for making secure access to a digital resource

Publications (2)

Publication Number Publication Date
US20040243855A1 US20040243855A1 (en) 2004-12-02
US7441122B2 true US7441122B2 (en) 2008-10-21

Family

ID=8869880

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/854,589 Expired - Fee Related US7441122B2 (en) 2001-11-28 2004-05-26 Method for providing secure access to a digital resource

Country Status (9)

Country Link
US (1) US7441122B2 (en)
EP (1) EP1449092B1 (en)
AT (1) ATE326724T1 (en)
AU (1) AU2002365476A1 (en)
CA (1) CA2468890A1 (en)
DE (1) DE60211546T2 (en)
ES (1) ES2268161T3 (en)
FR (1) FR2832825B1 (en)
WO (1) WO2003046730A2 (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080184363A1 (en) * 2005-05-13 2008-07-31 Sarangan Narasimhan Coordinate Based Computer Authentication System and Methods
US20080301778A1 (en) * 2007-05-30 2008-12-04 Adam Fritz System And Method For Preventing Automated Programs and Unauthorized Users In A Network
US20130111571A1 (en) * 2011-10-27 2013-05-02 Ebay Inc. Systems and methods for creating a user credential and authentication using the created user credential
US20140019776A1 (en) * 2012-07-01 2014-01-16 Jerzy Lewak Methods of providing fast search, analysis, and data retrieval of encrypted data without decryption
US9342673B2 (en) * 2014-03-26 2016-05-17 Motorola Solutions, Inc. Method for user authentication in a device comprising a touch screen
WO2017065940A1 (en) * 2015-10-14 2017-04-20 Oread Group, LLC Content distribution system

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2009043661A1 (en) * 2007-10-04 2009-04-09 International Business Machines Corporation Authentication method and system
KR101841039B1 (en) * 2011-11-28 2018-03-28 삼성전자주식회사 Method for authenticating password and Portable Device thereof
SG10201609214RA (en) * 2016-11-03 2018-06-28 Mastercard International Inc A method and an apparatus for activating a predetermined function

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0677801A1 (en) 1994-04-04 1995-10-18 AT&T Corp. Graphical password
US5608387A (en) 1991-11-30 1997-03-04 Davies; John H. E. Personal identification devices and access control systems
US5928364A (en) 1995-11-30 1999-07-27 Casio Computer Co., Ltd. Secret data storage device, secret data reading method, and control program storing medium
US5949348A (en) 1992-08-17 1999-09-07 Ncr Corporation Method and apparatus for variable keyboard display
US6209104B1 (en) 1996-12-10 2001-03-27 Reza Jalili Secure data entry and visual authentication system and method
US20040093527A1 (en) * 2002-11-12 2004-05-13 Pering Trevor A. Method of authentication using familiar photographs
US6980081B2 (en) * 2002-05-10 2005-12-27 Hewlett-Packard Development Company, L.P. System and method for user authentication

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5608387A (en) 1991-11-30 1997-03-04 Davies; John H. E. Personal identification devices and access control systems
US5949348A (en) 1992-08-17 1999-09-07 Ncr Corporation Method and apparatus for variable keyboard display
EP0677801A1 (en) 1994-04-04 1995-10-18 AT&T Corp. Graphical password
US5928364A (en) 1995-11-30 1999-07-27 Casio Computer Co., Ltd. Secret data storage device, secret data reading method, and control program storing medium
US6209104B1 (en) 1996-12-10 2001-03-27 Reza Jalili Secure data entry and visual authentication system and method
US6980081B2 (en) * 2002-05-10 2005-12-27 Hewlett-Packard Development Company, L.P. System and method for user authentication
US20040093527A1 (en) * 2002-11-12 2004-05-13 Pering Trevor A. Method of authentication using familiar photographs

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
USENIX Association, "Proceedings of the 9th USENIX Security Symposium", Aug. 14-17, 2000. *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080184363A1 (en) * 2005-05-13 2008-07-31 Sarangan Narasimhan Coordinate Based Computer Authentication System and Methods
US8448226B2 (en) * 2005-05-13 2013-05-21 Sarangan Narasimhan Coordinate based computer authentication system and methods
US20080301778A1 (en) * 2007-05-30 2008-12-04 Adam Fritz System And Method For Preventing Automated Programs and Unauthorized Users In A Network
US8505071B2 (en) * 2007-05-30 2013-08-06 Disney Enterprises, Inc. Preventing automated programs and unauthorized users in a network
US20130111571A1 (en) * 2011-10-27 2013-05-02 Ebay Inc. Systems and methods for creating a user credential and authentication using the created user credential
US10013545B2 (en) * 2011-10-27 2018-07-03 Paypal, Inc. Systems and methods for creating a user credential and authentication using the created user credential
US20140019776A1 (en) * 2012-07-01 2014-01-16 Jerzy Lewak Methods of providing fast search, analysis, and data retrieval of encrypted data without decryption
US8959365B2 (en) * 2012-07-01 2015-02-17 Speedtrack, Inc. Methods of providing fast search, analysis, and data retrieval of encrypted data without decryption
US9342673B2 (en) * 2014-03-26 2016-05-17 Motorola Solutions, Inc. Method for user authentication in a device comprising a touch screen
WO2017065940A1 (en) * 2015-10-14 2017-04-20 Oread Group, LLC Content distribution system

Also Published As

Publication number Publication date
EP1449092B1 (en) 2006-05-17
WO2003046730A3 (en) 2004-01-22
WO2003046730A2 (en) 2003-06-05
ES2268161T3 (en) 2007-03-16
FR2832825A1 (en) 2003-05-30
AU2002365476A1 (en) 2003-06-10
WO2003046730A9 (en) 2004-04-01
ATE326724T1 (en) 2006-06-15
US20040243855A1 (en) 2004-12-02
EP1449092A2 (en) 2004-08-25
DE60211546T2 (en) 2007-04-26
FR2832825B1 (en) 2004-04-02
DE60211546D1 (en) 2006-06-22
CA2468890A1 (en) 2003-06-05
AU2002365476A8 (en) 2003-06-10

Similar Documents

Publication Publication Date Title
US6078908A (en) Method for authorizing in data transmission systems
EP2368339B1 (en) Secure transaction authentication
EP1504561B1 (en) Methods and systems for secure transmission of information using a mobile device
EP2355443B1 (en) Network authentication method and device for implementing the same
US7188314B2 (en) System and method for user authentication interface
JP3956130B2 (en) Authentication device, authentication system, authentication method, program, and recording medium
US6990586B1 (en) Secure data transmission from unsecured input environments
CA2665961C (en) Method and system for delivering a command to a mobile device
US9667626B2 (en) Network authentication method and device for implementing the same
US20030177366A1 (en) Method and apparatus for dynamic personal identification number management
WO2006065002A1 (en) User authentication method in another network using digital signature made by mobile terminal
CN101473331B (en) User authenticating method, user authenticating system, user authenticating device
US7441122B2 (en) Method for providing secure access to a digital resource
EP1868125A1 (en) Method for identifying a user of a computer system
GB2377523A (en) User identity verification system
KR100320119B1 (en) System and method for monitoring fraudulent use of id and media for storing program source thereof
CN105991619A (en) Safety authentication method and device
KR19990037750A (en) Communication terminal apparatus embedded the function generating One Time Password based on the challenge/response
JP2003152895A (en) Personal information opening system and information opening method
KR101009842B1 (en) Mobile communication terminal for management of privacy information
KR101170822B1 (en) Confirmation method using variable secret puzzle
JP2001344210A (en) Method for certifying portable terminal
KR20060032016A (en) Authentication information inputing method and authenticating method by using itself when internet banking
KR20180011530A (en) Apparatus and method for authentication, and computer program and recording medium applied to the same

Legal Events

Date Code Title Description
AS Assignment

Owner name: BOUYGUES TELECOM, A CORP. FRANCE, FRANCE

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PLAGNE, SYLVAIN;REEL/FRAME:015633/0360

Effective date: 20040630

AS Assignment

Owner name: BOUYGUES TELECOM, A CORPORATION OF FRANCE, FRANCE

Free format text: CORRECTION OF ASSIGNEE'S ADDRESS PREVIOUSLY RECORDED ON AUGUST 2, 2004 AT REEL 015633/0360;ASSIGNOR:PLAGNE, SYLVAIN;REEL/FRAME:015735/0347

Effective date: 20040630

AS Assignment

Owner name: BOUYGUES TELECOM, FRANCE

Free format text: CONFIRMATORY ASSIGNMENT;ASSIGNOR:PLAGNE, SYLVAIN;REEL/FRAME:025619/0421

Effective date: 20101216

FPAY Fee payment

Year of fee payment: 4

REMI Maintenance fee reminder mailed
LAPS Lapse for failure to pay maintenance fees
STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20161021